Last week we talked about some of the unethical tactics used by “carpetbagger” sales people to generate new accounts. These sales agents exploit the general lack of knowledge and misinformation out there about the PCI DSS requirements. This is one of the reasons it is so important that merchants become PCI compliant and know what it means to be PCI compliant. It starts when you receive a fax or letter, or even when a sales rep comes into your office, stating that your business is not PCI compliant and to contact them right away to avoid penalties for non-compliance.
If you say that you think you are PCI compliant, the next tactic is to ask what the make and model of your processing equipment is. It doesn’t matter what kind of equipment or processing method you tell them, they will then say that that equipment is out of scope, non-compliant, or a tried and true favorite, that your equipment has been “retired.” The sinister part of all this is that after their big spiel, even informed, knowledgeable merchants may begin to doubt their PCI compliant status. Once the seed of doubt is planted and the merchant lets the sales rep get his foot in the door, the scam is halfway home. The merchant’s natural inclination to cooperate with someone who feigns helpfulness assists the scammer in completing their objective: getting you to switch providers under false pretense.
Whenever these cases come up, we find that the perpetrators further compound the fraudulent act by falsely representing themselves as your current provider. They tell the merchant that they won’t be switching services, just upgrading, and here sign this to make it official. Now you’ve legally signed with another service provider whose rates you don’t know and whose customer service is probably non-existent, considering the lack of morals employed in conning you to sign their form.
Dissemination of information about PCI compliance and the requirements to make your business PCI compliant has been slow to sink in for a lot of merchants. This new form of fraud is committed by certain fly-by-night providers of merchant services who use the heightened sense of fear that they are in imminent danger of legal penalties for not being PCI compliant.
Find out how to get your business PCI compliant today, for free, on this site.